Data mining is becoming a pervasive technology in activities as diverse as using historical data to predict the success of a marketing campaign, looking for patterns in financial transactions to discover illegal activities or analyzing genome sequences. From this perspective, it was just a matter of time for the discipline to reach the important area of computer security. Applications Of Data Mining In Computer Security presents a collection of research efforts on the use of data mining in computer security.
Applications Of Data Mining In Computer Security concentrates heavily on the use of data mining in the area of intrusion detection. The reason for this is twofold. First, the volume of data dealing with both network and host activity is so large that it makes it an ideal candidate for using data mining techniques. Second, intrusion detection is an extremely critical activity. This book also addresses the application of data mining to computer forensics. This is a crucial area that seeks to address the needs of law enforcement in analyzing the digital evidence.

Dr. Sushil Jajodia is Professor and Chairman of the Dept. of Information and Software Engineering, and Director of the Center for Secure Information Systems at the George Mason University, Fairfax, Virginia, USA

1 Modern Intrusion Detection, Data Mining, and Degrees of Attack Guilt.- 1. Introduction.- 2. Detection Strategies.- 3. Data Sources.- 4. Degrees of Attack Guilt.- 5. Conclusion.- References.- 2 Data Mining for Intrusion Detection.- 1. Introduction.- 2. Data Mining Basics.- 3. Data Mining Meets Intrusion Detection.- 4. Observations on the State of the Art.- 5. Future Research Directions.- 6. Summary.- References.- 3 An Architecture for Anomaly Detection.- 1. Introduction.- 2. Architecture.- 3. ADAM: an implementation of the architecture.- 4. Experiences.- 5. Breaking the dependency on training data.- 6. Future.- References.- 4 A Geometric Framework for Unsupervised Anomaly Detection.- 1. Introduction.- 2. Unsupervised Anomaly Detection.- 3. A Geometric Framework for Unsupervised Anomaly Detection.- 4. Detecting Outliers in Feature Spaces.- 5. Algorithm 1: Cluster-based Estimation.- 6. Algorithm 2: K-nearest neighbor.- 7. Algorithm 3: One Class SVM.- 8. Feature Spaces for Intrusion Detection.- 9. Experiments.- 10. Discussion.- References.- 5 Fusing a Heterogeneous Alert Stream into Scenarios.- 1. Introduction.- 2. Fusion Approach.- 3. Architecture.- 4. Definitions.- 5. Probability Assignment.- 6. Experimental Results.- 7. System Benefits.- 8. Discussion and Summary.- References.- 6 Using MIB II Variables for Network Intrusion Detection.- 1. Introduction.- 2. Background.- 3. Model Construction.- 4. Experiments and Performance Evaluation.- 5. Discussion.- 6. Related Work.- 7. Conclusions and Future Work.- References.- 7 Adaptive Model Generation.- 1. Introduction.- 2. Components of Adaptive Model Generation.- 3. Capabilities of Adaptive Model Generation.- 4. Model Generation Algorithms.- 5. Model Generation Example: SVM.- 6. System Example 1: Registry Anomaly Detection.- 7. System Example 2: HAUNT.- 8. Conclusion.- References.- 8 Proactive Intrusion Detection.- 1. Introduction.- 2. Information Assurance, Data Mining, and Proactive Intrusion Detection.- 3. A methodology for discovering precursors - Assumptions, Ob-jectives, Procedure and Analysis.- 4. A Case Study - Precursor Rules for Distributed Denial of Ser-vice Attacks.- 5. Conclusions.- References.- 9 E-mail Authorship Attribution for Computer Forensics.- 1. Introduction and Motivation.- 2. Authorship Attribution.- 3. E-mail Authorship Attribution.- 4. Support Vector Machine Classifier.- 5. E-mail Corpus and Methodology.- 6. Results and Discussion.- 7. Conclusions.- References.